ATTORNEY ' S DOCKET 
064751 . 0298 




PA' 




INT APPLICATION 



86 



WHAT IS CLAIMED IS: 



1 . 



A method for withdrawing an encryption key from 



a key escrow database, comprisirfo : 

creating a set of N trap poor encryption-decryption 
function pairs each paired withy a corresponding token; 

transmitting the set of/ N trap door encryption- 
decryption function pairs to al receiver; 

randomly selecting at the receiver one of the trap 
door encryption-decryption function pairs and the paired 
token; / 

adding randomization /information to the selected 
trap door encryption-decryption function pair and the 
corresponding token; / 

encrypting a decryption key using the corresponding 
token with the randomly/ selected encryption-decryption 
function pair; / 

recording the created set of N trap door encryption- 
decryption function pairs and the corresponding paired 
token; / 

recording the encrypted randomly selected trap door 
encryption-decryption / function pair along with the 
decryption key in a key escrow database; and 

inverting the cheated set of N trap door encryption- 
decryption function/ pairs and the encrypted randomly 
selected trap door/ encryption-decryption function pair 
along with the deception key to identify the decryption 
key . / 

2. A method/for withdrawing an encryption key from 
a key escrow database as in Claim 1, further comprising: 

encrypting trie created set of N trap door, the 
encrypt ion-decryptjion function pairs and the randomly 
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selected trap door function along with the decryption key 
prior to recording in an escrow /database . 

3. The method for withdrawing an encryption key 
from a key escrow database/ as in Claim 1, further 
comprising: / 

randomly selecting at the receiver an additional 
trap door encryption-decrypt/ion function pair and the 
paired token; / 

adding randomization information to the additional 
selected trap door encryption-decryption function pair 
and the corresponding token/; 

concatenating the fcesults of the adding of 
randomization information to the additional selected trap 
door encryption-decryption function pair to the 
encryption of the randomly selected first trap door 
encryption-decryption function pair; and 

encrypting the concatenating results using the 
encryption key from the /second choice. 

4. The method for withdrawing an encryption key 
from a key escrow database as in Claim 1 further 
comprising adding signature information to the selected 
trap door encryption -de crypt ion function pair to 
distinguish valid ^absequent decodings from invalid 
decodings. / 

5. The method/ for withdrawing an encryption key 
from a key escrow/ database as in Claim 1, wherein 
encrypting a selected trap door encryption-decryption 
function pair copprises calculating a cryptogram 
utilizing the corpresponding token and including an 
encryption key along with randomization information, as 
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well as .Additional information added for signature 
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6. A method for withdraw/ng encryption keys from a 
key escrow database, comprising 

generating, in accordance/ with a selected encryption 
function, a set of N crypt ©gram/decrypt ion key pairs, 
5 each pair having a corresponding token; 

transmitting the set of N cryptogram/ decryption key 
pairs to a receiver; 

randomly selecting 3ft the receiver one of the 
cryptogram/decryption Wefy pairs along with the 
10 corresponding token; 

decrypting the /randomly selected cryptogram 
utilizing the corresponding token to obtain a 
corresponding encryption key; 

generating a cryptogram utilizing the corresponding 
15 encryption key and comprising the selected token and 
randomization inf ormat/ion ; 

recording in an escrow database the generated set of 
N cryptogram/decryption key pairs along with each 
corresponding token /and the generated cryptogram based on 

2 0 the randomly selected cryptogram decryption key pair; and 

inverting /the recorded set of N 

cryptogram/decrypt/Lon key pairs and the generated 
cryptogram to identify an encryption key from the key 
escrow database . 

25 7. The metthod for withdrawing encryption keys from 

a key escrow database as in Claim 6, further comprising: 

randomly ^electing at the receiver one or more 
additional N / cryptogram/decryption key pairs and 
corresponding tfokens ; 

3 0 decrypting each cryptogram using the associated 

token of the additionally selected encryption/decryption 
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key pairs to identify a correspqpiding encryption key for 
each additionally selected pair;y 

generating a response/ cryptogram for each 
additionally selected cryptogram/ decryption key pair 
5 utilizing the corresponding encryption key and comprising 
the selected token and randoimzation information; and 

mixing the token information from one selected pair 
with the response cryptogram from a different selected 
pair along with randomization information to diffuse 
10 response structure prior /to generating another response 
.cryptogram. 

8. The method for ^withdrawing encryption keys from 
a key escrow database as /in Claim 6, further comprising: 

decrypting the cryptogram of a cryptogram/decryption 
15 key pair using the associated decryption key to identify 
token information . 

9. The method fdr withdrawing encryption keys from 
a key escrow database as in Claim 8 wherein mixing 
comprises utilization /of a linear transform. 

20 10. The method cor withdrawing encryption keys from 

a key escrow database as in Claim 8 wherein mixing 
comprises utilization of a symmetrical cryptosystem. 

11. The methodf for withdrawing encryption keys from 
a key escrow datapase as in Claim 8 wherein mixing 

25 further comprises/ utilization of a public key 
cryptosystem. 

12 . The methjbd for withdrawing encryption keys from 
a key escrow database as in Claim 6 wherein recording in 
an escrow database further comprises encrypting the 
3 0 generated set of / N cryptogram decryption key pairs and 
the response message prior to recording. 
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13 . The method for w>trfidrawing encryption keys from 
a key escrow databa^" as in Claim 6 further comprising 
adding signatujpe""^ information to the response message to 
enable va^i6. decodings to be distinguished from invalid 
decodirfgs . 
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14 . A method for secure communication between an 
originator and a receiver using/ message encryption, 
comprising: / 

creating at an originator a set of N trap door 
5 functions each paired with a corresponding token, each 
trap door function comprising a ycryptogram/decrypt ion key- 
pair; / 

transmitting the set of N trap door functions to a 
receiver; / 
m 10 randomly selecting at the receiver one of the trap 

door functions and the paired token; 
111 adding randomization information to the 

corresponding token of the /selected trap door function; 
lU encrypting an escrow /key with the randomly selected 

~ 15 trap door function; / 

^ transmitting the encrypted key with the randomly 

jlj selected trap door function to the originator; and 

decoding the encrypted escrow key with the randomly 
O selected trap door function utilizing retained trap door 

2 0 information. / 

15. The process/ as in Claim 14 further comprising 
decrypting the cryptogram to identify the corresponding 
token utilizing / the decryption key of the 
cryptogram/decrypt ian key pair. 
25 16. The methad as in Claim 15 wherein encrypting an 

escrow key comprises generating a cryptogram comprising 
the corresponding token, the decryption key and 
randomi zat ion inf prmat ion . 

17. The mefthod of Claim 14 wherein decoding the 
30 encrypted key /comprises selecting a decryption key 
randomly from a/selected group of decryption keys. 
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18. The method of Clai*rT^ 17 further comprising 
recognizing a correct decoding result utilizing 
structural inf ormat ioiv^nbedded in the response message. 

19. The metbefci of Claim 14 wherein creating at an 
originator furjzfier comprises generating the set of N trap 
door functions utilizing a selected encryption function 
and a nnvate encryption key. 



